FortiGuard
Fortinet’s Global Threat Intelligence and Research
Pwalia
Staff
Article Id 245299
Title VMware ESXi Server Ransomware Attack
Description ESXi servers vulnerable to the OpenSLP heap-overflow vulnerability (CVE-2021-21974) and the OpenSLP remote code execution vulnerability (CVE-2020-3992) are being exploited through the OpenSLP service on port 427 to deliver a new ransomware, “ESXiArgs”. The ransomware encrypts files on affected ESXi servers and demands a ransom for file decryption.
CVEs CVE-2021-21974, CVE-2020-3992
Severity High
Posted on Feb 06, 2023
Outbreak Report Link https://www.fortiguard.com/outbreak-alert/esxiargs-ransomware